muyrety/Smarter
1
1
Fork 1
Code Issues Pull requests Projects Releases 5 Packages Wiki Activity Actions

Add email password reset logic. #2

Merged
muyrety merged 7 commits from :auth/email into main 2025-05-24 12:06:47 +00:00
Conversation 3 Commits 7 Files changed 9 +320 -68
ari commented 2025-05-23 22:50:56 +00:00
Contributor
Copy link

This PR introduces functionality for email-based password resets using Python's built-in libraries working with the SMTP protocol. The implementation sends welcome and password reset emails formatted as shown here:

image

image

The motivation for this feature came from encountering password-related issues on uselis.eu, making this addition beneficial.

To configure email password resets, you need to set the following configuration variables:

  • EMAIL_USER (SMTP login username, e.g. hi@example.com)
  • EMAIL_PASSWORD (the SMTP login password to the corresponding user, e.g. Hunter2)
  • EMAIL_SERVER (the SMTP server address and port, e.g. mail.example.com or mail.example.com:1234 note: port 587 is implied (i.e. the default for secure email submission with authentication))

Uhh yeah :D

Signed-off-by: Arija A. ari@ari.lt

This PR introduces functionality for email-based password resets using Python's built-in libraries working with the SMTP protocol. The implementation sends welcome and password reset emails formatted as shown here: ![image](/attachments/1aa0e03c-5e01-4296-8f09-40bdf2c9d49b) ![image](/attachments/43d157fe-432e-4cd5-848f-5c78fd00b938) The motivation for this feature came from encountering password-related issues on uselis.eu, making this addition beneficial. To configure email password resets, you need to set the following configuration variables: * `EMAIL_USER` (SMTP login username, e.g. `hi@example.com`) * `EMAIL_PASSWORD` (the SMTP login password to the corresponding user, e.g. `Hunter2`) * `EMAIL_SERVER` (the SMTP server address and port, e.g. `mail.example.com` or `mail.example.com:1234` **note:** port 587 is implied (i.e. the default for secure email submission with authentication)) Uhh yeah :D Signed-off-by: Arija A. <ari@ari.lt>
image.png
40 KiB
image.png
40 KiB
ari added 1 commit 2025-05-23 22:50:57 +00:00 
Signed-off-by: Arija A. <ari@ari.lt>
ari 2025-05-23 22:51:16 +00:00
  • added the
    enhancement
         label
  • requested review from muyrety
ari added 1 commit 2025-05-23 23:01:02 +00:00 
Signed-off-by: Arija A. <ari@ari.lt>
ari added 1 commit 2025-05-23 23:12:51 +00:00 
Signed-off-by: Arija A. <ari@ari.lt>
ari added 1 commit 2025-05-23 23:28:09 +00:00 
Signed-off-by: Arija A. <ari@ari.lt>
muyrety requested changes 2025-05-24 11:43:30 +00:00
smarter/auth.py Outdated
@ -89,1 +103,4 @@
- Team Smarter""",
)
except db.IntegrityError:
muyrety commented 2025-05-24 11:22:35 +00:00
Owner
Copy link

Username or email is taken

Username _or_ email is taken
ari marked this conversation as resolved
smarter/auth.py
@ -153,0 +222,4 @@
).fetchone()
reset_token = secrets.token_hex(16)
muyrety commented 2025-05-24 11:32:59 +00:00
Owner
Copy link

Check if user exists: if user_data is not None ...:. Server panics with code 500 if there is no user with that username.

Check if user exists: `if user_data is not None ...:`. Server panics with code 500 if there is no user with that username.
ari marked this conversation as resolved
smarter/auth.py
@ -153,0 +237,4 @@
- Team Smarter""",
)
muyrety commented 2025-05-24 11:15:11 +00:00
Owner
Copy link

Storing the reset token in the session kinda defeats the purpose of email verification. The client can see the session contents. The only solution would be to store the reset token internally, probably in the SQL database.

Storing the reset token in the session kinda defeats the purpose of email verification. The client _[can see the session contents](https://flask.palletsprojects.com/en/stable/api/#sessions)_. The only solution would be to store the reset token internally, probably in the SQL database.
ari commented 2025-05-24 11:46:56 +00:00
Author
Contributor
Copy link

True, but honestly I'll just hash it :) And oops about the session thing, I misremembered that it's encrypted, guess it's just signed.

True, but honestly I'll just hash it :) And oops about the session thing, I misremembered that it's encrypted, guess it's just signed.
👍 1
ari marked this conversation as resolved
smarter/templates/auth/pwreset-set.html
@ -0,0 +41,4 @@
<button type="submit" class="btn btn-outline-primary" id="registerButton">Reset password</button>
</div>
</form>
muyrety commented 2025-05-24 11:37:40 +00:00
Owner
Copy link

Formatting needs to be fixed, same as auth/pwreset.html.

Formatting needs to be fixed, same as auth/pwreset.html.
ari marked this conversation as resolved
smarter/templates/auth/pwreset.html
@ -0,0 +16,4 @@
<button type="submit" class="btn btn-outline-primary" id="pwresetButton">Reset password</button>
</div>
</form>
muyrety commented 2025-05-24 11:25:50 +00:00
Owner
Copy link

Text should be centered, maybe coloring it could also help. Top margin should be added.

Text should be centered, maybe coloring it could also help. Top margin should be added.
ari marked this conversation as resolved
muyrety commented 2025-05-24 11:46:54 +00:00
Owner
Copy link

The related content is below the comment, forgejo only shows code above the comment for some reason.

The related content is below the comment, forgejo only shows code above the comment for some reason.
👍 1
ari added 1 commit 2025-05-24 11:58:36 +00:00 
* Check if a user exists on password reset
* Hash session contents

Signed-off-by: Arija A. <ari@ari.lt>
ari added 1 commit 2025-05-24 12:02:15 +00:00 
Signed-off-by: Arija A. <ari@ari.lt>
requested review from muyrety 2025-05-24 12:02:29 +00:00
muyrety merged commit 061c627286 into main 2025-05-24 12:06:47 +00:00
ari commented 2025-05-24 12:07:17 +00:00
Author
Contributor
Copy link

hell yeah 🔥🔥🔥

hell yeah 🔥🔥🔥
🎉 1
ari deleted branch auth/email 2025-05-25 16:10:35 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
muyrety
Labels
Clear labels   
bug

Something isn't working

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
wontfix

This will not be worked on

No labels
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: muyrety/Smarter#2
No description provided.
Delete branch ":auth/email"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?